David,
On 10 Oct 2024, at 3:35 AM, David Conrad <david.conrad@layer9.tech> wrote:
On Oct 9, 2024, at 3:49 AM, Terry Manderson via rssac-caucus <rssac-caucus@icann.org> wrote:
Why (5-why"s root cause analysis) is that address special?
Root server addresses come hard wired into millions of (potentially) unmanaged servers globally. Updating those addresses has been empirically proven to take a _very_ long time. Reusing those addresses is problematic and poses a security risk. There are probably others I’m forgetting.
I will take your word for that, I would have to find data to say otherwise.
- continue providing DNS root service on the address what does it matter if the DNS answer validates?
2/3rds of the Internet doesn’t validate after decades and it doesn’t appear the rate of change is improving all that much?
Looking at DO bit query attributes on L.ROOT-SERVERS.NET <http://l.root-servers.net/> publicly available data, DO=1 is around the 130K queries per second, with DO=0 or no DO at around 30K queries per second. I don't agree with "2/3rds don't validate." I will agree that the graph seems stable - others with longer baseline visibility might be able to observe a trend. Cheers, Terry